mirror of
https://gitlab.com/niansa/magicwrap.git
synced 2025-03-06 20:48:30 +01:00
Print out debug informations in debug mode only and created a new start script
parent
db8b5bed9b
commit
a021fa853a
10 changed files with 110 additions and 39 deletions
15
README.md
15
README.md
|
@ -6,16 +6,23 @@ This is a module-based namespace wrapper slightly inspired by magisk. It is comp
|
|||
|
||||
## How to run?
|
||||
1. Install bubblewrap, bash, busybox-static and optionally fakeroot if you want to use the `fakeroot` module.
|
||||
2. Make sure mw.sh and modules/config.sh are marked as executable
|
||||
3. Execute mw.sh
|
||||
2. Run `./main.sh start`
|
||||
|
||||
## Usage
|
||||
`<mwcinit=initscript> <mwcconf=configscript> ./mw.sh <command>`
|
||||
`[mwdebug=true] [mwcinit=/path/to/init.sh] [mwcconf=/path/to/config.sh] ./main.sh <command>`
|
||||
|
||||
## Default settings
|
||||
By default, Magicwrap is optimized to run simple terminal applications securely. Disable or enable modules in modules/{config,init}.sh to make Magicwrap fit your needs.
|
||||
By default, Magicwrap is optimized to run simple terminal applications. Disable or enable modules in modules/{config,init}.sh to make Magicwrap fit your needs.
|
||||
Always enable/disable modules in **both** init.sh and config.sh!!!
|
||||
|
||||
## Module sets
|
||||
Another way to fit magicwrap to your needs is to apply a module set by running: `./main.sh modset <modset>`
|
||||
* **Every module** restricts access to `/etc` and `/var`
|
||||
1. **simple**: Allows access to most directorys
|
||||
2. **complete**: Restricts access to `/home` and `/opt`
|
||||
3. **graphical**: Enables controller and allows access to users home directory and some directorys to run graphical applications properly
|
||||
4. **graphical-adv**: Same as graphical but restricts access to `/home` and `/opt`
|
||||
|
||||
## Module overview
|
||||
1. **base**: Creates base filesystem and init
|
||||
2. **advdirs**: Mounts more directorys (/opt, /srv)
|
||||
|
|
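--- a/library.sh
+++ b/library.sh
@@ -0,0 +1,7 @@
+debugout () {
+test "$mwdebug" = "true" &&
+echo "$@"
+}
+errout () {
+echo "$@" 1>&2
+}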
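Review bot: `debugout` ends on `test "$mwdebug" = "true" && echo "$@"`, so outside debug mode the function returns 1, and in debug mode it prints to stdout, where it could end up in captured output such as the `$(./config.sh)` substitution in mw.sh if a module ever calls it there. An `if` form that writes to stderr avoids both: `if [ "$mwdebug" = "true" ]; then echo "$@" 1>&2; fi`. A short header comment saying that `mwdebug=true` switches the messages on, and that `errout` always writes to stderr, would document the two helpers.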
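--- a/main.sh
+++ b/main.sh
@@ -0,0 +1,55 @@
+#! /bin/bash
+
+#LIBRARY
+. ./library.sh
+
+#FUNCTIONS
+runmw () {
+./mw.sh $params
+}
+applymodset () {
+moddir="./modules/"
+modset="$1"
+. ./scripts/modulemgr/modset.sh
+}
+showhelp () {
+sed -e '1,/#\HELPPART/d' "$0"
+}
+readme () {
+mdp ./README.md ||
+less ./README.md ||
+cat ./README.md
+}
+showlicense () {
+less ./LICENSE
+}
+
+#INIT
+cd "$(dirname "${BASH_SOURCE[0]}")"
+params="$(echo "$@" | sed 's|'"$1"'||1')"
+
+#MAIN
+case "$1" in
+start) runmw
+;;
+modset) applymodset "$2"
+;;
+license) showlicense
+;;
+readme) readme
+;;
+*) showhelp
+;;
+esac
+exit
+
+#HELPPART
+COMMAND LINE OVERVIEW
+–––––––––––––––––––––––––––––––––
+Command | Usage | Description
+start | <command> | Start Magicwrap
+modset | <modset> | Apply a module set
+––––––––– Documentation –––––––––
+help | | Show this help
+readme | | Show readme
+license | | Show license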
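Review bot: `. ./library.sh` under `#LIBRARY` runs before the `cd "$(dirname "${BASH_SOURCE[0]}")"` under `#INIT`, so when main.sh is started from another directory the library is looked up in the caller's working directory and whatever `library.sh` is found there gets sourced. Moving the `cd` above the source line and checking it, `cd "$(dirname "${BASH_SOURCE[0]}")" || exit 1`, keeps the lookup inside the install directory; the mw.sh section of this commit has the same ordering. The same `cd` also means the relative `"$0"` in `showhelp` may no longer resolve. Separately, `params` is rebuilt with `echo "$@" | sed` and expanded unquoted in `runmw`, which re-splits arguments containing spaces or glob characters; `start) shift; ./mw.sh "$@"` would at least hand them to mw.sh unchanged.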
|
@ -2,8 +2,10 @@
|
|||
/orig/bin/busybox --install -s /busybox
|
||||
export PATH="/bin:$PATH:/busybox"
|
||||
|
||||
. /mwlib.sh
|
||||
|
||||
if [ "$doextpid" = "true" ]; then
|
||||
echo 'I: Starting entrypoint...'
|
||||
debugout 'I: Starting entrypoint...'
|
||||
echo '#! /orig/bin/busybox ash
|
||||
while [ -e /entrypoint ]; do
|
||||
sleep 1
|
||||
|
@ -12,7 +14,7 @@ if [ "$doextpid" = "true" ]; then
|
|||
/entrypoint $session &
|
||||
fi
|
||||
|
||||
echo 'I: Creating links...'
|
||||
debugout 'I: Creating links...'
|
||||
(ln -s /orig/bin/* /bin/
|
||||
ln -s /orig/sbin/* /sbin/
|
||||
ln -s /orig/etc/* /etc/
|
||||
|
@ -22,7 +24,7 @@ ln -s /orig/lib/i386-*/* "$(echo /orig/lib/i386-*/ | sed 's|/orig||1')"
|
|||
ln -s /orig/lib/* /lib/
|
||||
ln -s /orig/lib64/* /lib64/
|
||||
ln -s /home/* /home/user) 2> /dev/null
|
||||
echo 'I: Executing shell...'
|
||||
debugout 'I: Executing shell...'
|
||||
export HOME="/home/user"
|
||||
export USER="$(whoami)"
|
||||
cd
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
echo 'I: Preparing controldir...'
|
||||
debugout 'I: Preparing controldir...'
|
||||
mkdir "$controldir"/{shared,ro}
|
||||
touch "$controldir"/{cmd,stdout,errout,ro/.lock}
|
||||
|
||||
echo 'I: Starting controlling daemon...'
|
||||
debugout 'I: Starting controlling daemon...'
|
||||
setsid ./data/control/daemon.sh "$controldir" "$sessiondir" "$basedir" &
|
||||
|
||||
echo 'I: Telling init to start entrypoint...'
|
||||
debugout 'I: Telling init to start entrypoint...'
|
||||
export doextpid=true
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
if [ ! -e "/usr/bin/fakeroot" ]; then
|
||||
echo 'E: fakeroot could not be found at /usr/bin/fakeroot but fakeroot module is activated, aborting...'
|
||||
errout 'E: fakeroot could not be found at /usr/bin/fakeroot but fakeroot module is activated, aborting...'
|
||||
exit 35
|
||||
fi
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
test -d ./data/jailedcfg/etc ||
|
||||
(echo 'I: Unpacking jailedcfgs...' ; cd ./data/jailedcfg/ && tar xJf ./data.tar.xz)
|
||||
(debugout 'I: Unpacking jailedcfgs...' ; cd ./data/jailedcfg/ && tar xJf ./data.tar.xz)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
if [ ! -d ~/.sharedfs/ ]; then
|
||||
echo 'I: Preparing sharedfs...'
|
||||
debugout 'I: Preparing sharedfs...'
|
||||
mkdir -p ~/.sharedfs/{opt,home}
|
||||
cp /etc/skel/.* ~/.sharedfs/home/ 2> /dev/null
|
||||
fi
|
||||
|
|
30
mw.sh
30
mw.sh
|
@ -1,18 +1,17 @@
|
|||
#! /bin/bash
|
||||
|
||||
#LICENSE
|
||||
echo 'Magicwrap Copyright (C) 2019 niansa@gitlab.com This program comes with ABSOLUTELY NO WARRANTY; for details read LICENSE. This is free software, and you are welcome to redistribute it under certain conditions; read LICENSE for more details.'
|
||||
echo
|
||||
|
||||
#FUNCTIONS
|
||||
cleanup () {
|
||||
echo 'I: Cleaning up...'
|
||||
debugout 'I: Cleaning up...'
|
||||
rm -rf "$sessiondir"
|
||||
rm -rf "$controldir"
|
||||
}
|
||||
|
||||
#LIBRARY
|
||||
. ./library.sh
|
||||
|
||||
#INIT
|
||||
echo 'I: Constructing environment...'
|
||||
debugout 'I: Constructing environment...'
|
||||
cd "$(dirname "${BASH_SOURCE[0]}")"
|
||||
defaultshell="/bin/bash"
|
||||
params="$@"
|
||||
|
@ -22,14 +21,14 @@ sessiondir="/tmp/rootfs${session}"
|
|||
controldir="/tmp/control${session}"
|
||||
mkdir "$sessiondir" &&
|
||||
mkdir "$controldir" ||
|
||||
(echo 'E: Failed to construct environment, aborting...' ; exit 22) || exit 1
|
||||
(errout 'E: Failed to construct environment, aborting...' ; exit 22) || exit 1
|
||||
export session
|
||||
|
||||
#CHECK
|
||||
echo 'I: Getting runpath...'
|
||||
debugout 'I: Getting runpath...'
|
||||
runpath="${basedir}/$0"
|
||||
(ls "$runpath" &> /dev/null) ||
|
||||
(echo 'E: Runpath could not be determined, aborting...' ; cleanup ; exit 22) || exit 2
|
||||
(errout 'E: Runpath could not be determined, aborting...' ; cleanup ; exit 22) || exit 2
|
||||
|
||||
#MODULE-CUSTOM
|
||||
test -v mwcconf ||
|
||||
|
@ -38,14 +37,14 @@ test -v mwcinit ||
|
|||
export mwcinit="./init/custom.sh"
|
||||
|
||||
#MODULE-INIT
|
||||
echo 'I: Initalizing modules...'
|
||||
debugout 'I: Initalizing modules...'
|
||||
cd ./modules/
|
||||
. ./init.sh
|
||||
cd "$basedir"
|
||||
|
||||
#MODULE-LOAD
|
||||
cd ./modules/
|
||||
echo 'I: Loading modules...'
|
||||
debugout 'I: Loading modules...'
|
||||
bwrap_rawconfig="$(./config.sh)"
|
||||
bwrap_config="$(echo "$bwrap_rawconfig" | tr ' \\\n' ' ' |
|
||||
sed 's|((runpath))|'"$runpath"'|g' |
|
||||
|
@ -58,9 +57,9 @@ sed 's|((basedir))|'"$basedir"'|g')"
|
|||
cd "$basedir"
|
||||
|
||||
#PASSED
|
||||
echo 'I: Checking parameters...'
|
||||
debugout 'I: Checking parameters...'
|
||||
if [[ "$params" == "" ]]; then
|
||||
echo 'W: No paramerers passed! "'"$defaultshell"'" will be executed.'
|
||||
debugout 'W: No paramerers passed! "'"$defaultshell"'" will be executed.'
|
||||
passed="$defaultshell"
|
||||
else
|
||||
passed="$@"
|
||||
|
@ -68,14 +67,15 @@ fi
|
|||
export passed
|
||||
|
||||
#RUN
|
||||
echo 'I: Running bubblewrap...'
|
||||
debugout 'I: Running bubblewrap...'
|
||||
cd ./modules/
|
||||
bwrap \
|
||||
--bind "$sessiondir" / \
|
||||
--bind "$sessiondir" /rootfs \
|
||||
$bwrap_config \
|
||||
--tmpfs "$basedir" \
|
||||
--ro-bind "$basedir"/library.sh /mwlib.sh \
|
||||
/init "$passed" ||
|
||||
echo 'W: Some error caused bubblewrap to terminate: '"$?"
|
||||
debugout 'W: Some error caused bubblewrap to terminate: '"$?"
|
||||
|
||||
cleanup
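Review bot: The message after the `bwrap` call appears to go through `debugout` on the new side, so outside debug mode a sandbox that fails to start or exits non-zero produces no output at all, and as far as this hunk shows the script then ends with `cleanup`'s status rather than bubblewrap's. This is a warning the user needs in every mode, so it belongs on `errout`: `errout 'W: Some error caused bubblewrap to terminate: '"$?"`. Saving the status first with `rc=$?` and finishing with `cleanup; exit "$rc"` would also let a caller such as main.sh see the failure.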
|
||||
|
|
|
@ -1,25 +1,25 @@
|
|||
#! /bin/bash
|
||||
|
||||
#CHECK:PARAMS
|
||||
if [ "$2" = "" ]; then
|
||||
echo 'I: Usage: modset.sh <moduledir> <modset>'
|
||||
echo 'E: Not enough parameters passed, aborting...'
|
||||
exit 397
|
||||
#CHECK:LIB
|
||||
debugout 'I: This is a library test!'
|
||||
if [ "$?" = "127" ]; then
|
||||
exit 742
|
||||
fi
|
||||
|
||||
#INIT
|
||||
moddir="$1"
|
||||
modset="$2"
|
||||
modsetdir="${moddir}/sets/${modset}/"
|
||||
debugout "I: moddir = $moddir"
|
||||
debugout "I: modset = $modset"
|
||||
debugout "I: modsetdir = $modsetdir"
|
||||
|
||||
#CHECK:EXISTENCE
|
||||
if [ ! -d "$modsetdir" ]; then
|
||||
echo 'E: This modset could not be accessed, aborting...'
|
||||
exit 796
|
||||
errout 'E: This modset could not be accessed, aborting...'
|
||||
exit 743
|
||||
fi
|
||||
|
||||
#APPLY
|
||||
echo 'I: Applying modset...'
|
||||
debugout 'I: Applying modset...'
|
||||
cp "${modsetdir}/config.sh" "${moddir}/" &&
|
||||
cp "${modsetdir}/init.sh" "${moddir}/" ||
|
||||
echo 'E: Failed to apply modset!'
|
||||
errout 'E: Failed to apply modset!'
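Review bot: In the `#APPLY` step a failed copy only prints `E: Failed to apply modset!` through `errout` and then falls through, so as far as this hunk shows the caller still gets status 0, and if the first `cp` succeeded and the second did not, `config.sh` and `init.sh` come from different module sets. The README asks for both files to be kept in step, so the branch should stop with a non-zero status, for example `{ errout 'E: Failed to apply modset!'; exit 1; }`. The `exit 742` and `exit 743` in this section are also outside the 0–255 range a shell can report and arrive as 230 and 231; values below 256 would keep the codes as written. The file name of this section is not shown on the page.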
|
||||
|
|